Sunday, February 11, 2007

NHS security constantly subverted

We have been told over and over again by the NHS that the highest security standards will be applied to centralised medical record databases, and that only authorised staff will have access to patient data. We have numerous practical examples showing this is pure fantasy:

  1. Ross Anderson's finding that health authorities were receiving around 6,000 pretext calls per week.

  2. The Information Commissioner's investigation that found medical records being illegally obtained by private investigators.

  3. The discovery that staff at the Leeds University NHS Trust make 70,000 unauthorised accesses per month to hospital systems.

Now it emerges that as a matter of policy, South Warwickshire General Hospitals NHS Trust is allowing accident and emergency staff to share smartcard logins to save time.

Peter Gutmann comments:

We (New Zealand health IT industry) found that out some years ago: In healthcare IT, there is only one user, and that's "whoever first signed onto the PC this morning" (and the healthcare security policy is "you can do whatever you want as long as you can justify it by saving the patient"). Unfortunately the bureaucrats still haven't grasped this.

Brian Gladman, ex-Ministry of Defence and NATO, says:

If my experience is anything to go by, the folk designing the software would have been well aware of the need to keep sign-on times low. What they would not have been aware of is the impact of a high assurance security architecture on the system cost involved in sign on and sign off.

MOD learnt this lesson over a decade ago when it had to write off several hundred million pounds by scrapping major 'secure' IT systems because the sign on times were measured in minutes and the response time for simple queries was even worse. Moreover users simply ignored security procedures and undermined the intended security in exactly the same way that we are now seeing in the NHS use of IT.

If, like me, you find it incredible that the government wants to put your medical records into these databases without your permission, you should join the Big Opt Out campaign.
